Security 0-days hitting Fedora and Ubuntu open desktops

e1-531g · #1 **(View Single Post)** 16th December 2016

http://arstechnica.com/security/2016...s-now-a-thing/

Quote:

The exploit ending in .flac works as a drive-by attack when a Fedora 25 user visits a booby-trapped webpage. With nothing more than a click required, the file will open the desktop calculator. With modification, it could load any code an attacker chooses and execute it with the same system privileges afforded to the user. While users typically don't have the same unfettered system privileges granted to root, the ones they do have are plenty powerful. Such an exploit can, for instance, read and steal all the user's most personal data, including documents, pictures, e-mail, and chat transcripts. It could also steal the user's browser cookies and sessions for Gmail, Facebook, Twitter, and other sites. It could additionally persist across reboots, although not as stealthily as a root exploit. And as is growing increasingly common, it could be combined with a local root privilege exploit to gain full system rights. Here's a video of it in action:

Added:
I wasn't able to reproduce this attack on OpenBSD.

Code:

chrome(28032) in free(): use after free 0x1fddfd7ab240
Abort trap (core dumped)

But maybe exploit should be just rewritten for OpenBSD.

scottro · #2 **(View Single Post)** 17th December 2016

So, if I am running a minimal desktop such as dwm or openbox, and don't have a desktop calculator installed, is it still vulnerable?

e1-531g · #3 **(View Single Post)** 17th December 2016

Quote:

Originally Posted by scottro

So, if I am running a minimal desktop such as dwm or openbox, and don't have a desktop calculator installed, is it still vulnerable?

If attacker can run calculator, he probably can run anything (in the context of logged user). Calculator is just an example.

Vulnerability is in Super Nintendo SPC-700 emulator used by gstreamer media playback framework. I don't know whether OpenBSD's antiexploit mitigations can prevent attack on this vulnerability.

Added:
I was trying to figure out whether Game Music Emu is present in ports but I think it is not. gst-inspect also does not know anything about snes or nintendo.

scottro · #4 **(View Single Post)** 17th December 2016

Ah, I see, I didn't read as closely as I should have. Thank you.

sevendogs · #5 **(View Single Post)** 13th January 2017

Good post, thanks OP. Some people think Linux/Unix are not prone to attacks but any OS is. Makes a good case for backing up your data.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Internet routers hitting 512K limit, some become unreliable	J65nko	News	0	14th August 2014 08:11 AM
1100 days...gone	rocket357	Other BSD and UNIX/UNIX-like	4	24th April 2011 01:53 PM
Get the Days of the Week	cksraj	Programming	3	26th September 2009 11:01 AM
my X11 or Gnome kill after 5 days	mfaridi	FreeBSD General	14	13th November 2008 04:27 AM
How to view & open DOCX files in Ubuntu/OpenOffice.	unixdude	Other BSD and UNIX/UNIX-like	0	11th July 2008 08:38 AM